@@ -274,33 +274,6 @@ class AuditReport extends Map {
274
274
throw new Error('do not call AuditReport.set() directly')
275
275
}
276
276
277
-
// convert a quick-audit into a bulk advisory listing
278
-
static auditToBulk (report) {
279
-
if (!report.advisories) {
280
-
// tack on the report json where the response body would go
281
-
throw Object.assign(new Error('Invalid advisory report'), {
282
-
body: JSON.stringify(report),
283
-
})
284
-
}
285
-
286
-
const bulk = {}
287
-
const { advisories } = report
288
-
for (const advisory of Object.values(advisories)) {
289
-
const {
290
-
id,
291
-
url,
292
-
title,
293
-
severity = 'high',
294
-
vulnerable_versions = '*',
295
-
module_name: name,
296
-
} = advisory
297
-
bulk[name] = bulk[name] || []
298
-
bulk[name].push({ id, url, title, severity, vulnerable_versions })
299
-
}
300
-
301
-
return bulk
302
-
}
303
-
304
277
async [_getReport] () {
305
278
// if we're not auditing, just return false
306
279
if (this.options.audit === false || this.options.offline === true || this.tree.inventory.size === 1) {
@@ -309,39 +282,24 @@ class AuditReport extends Map {
309
282
310
283
const timeEnd = time.start('auditReport:getReport')
311
284
try {
312
-
try {
313
-
// first try the super fast bulk advisory listing
314
-
const body = prepareBulkData(this.tree, this[_omit], this.filterSet)
315
-
log.silly('audit', 'bulk request', body)
316
-
317
-
// no sense asking if we don't have anything to audit,
318
-
// we know it'll be empty
319
-
if (!Object.keys(body).length) {
320
-
return null
321
-
}
285
+
const body = prepareBulkData(this.tree, this[_omit], this.filterSet)
286
+
log.silly('audit', 'bulk request', body)
322
287
323
-
const res = await fetch('/-/npm/v1/security/advisories/bulk', {
324
-
...this.options,
325
-
registry: this.options.auditRegistry || this.options.registry,
326
-
method: 'POST',
327
-
gzip: true,
328
-
body,
329
-
})
330
-
331
-
return await res.json()
332
-
} catch (er) {
333
-
log.silly('audit', 'bulk request failed', String(er.body))
334
-
// that failed, try the quick audit endpoint
335
-
const body = prepareData(this.tree, this.options)
336
-
const res = await fetch('/-/npm/v1/security/audits/quick', {
337
-
...this.options,
338
-
registry: this.options.auditRegistry || this.options.registry,
339
-
method: 'POST',
340
-
gzip: true,
341
-
body,
342
-
})
343
-
return AuditReport.auditToBulk(await res.json())
288
+
// no sense asking if we don't have anything to audit,
289
+
// we know it'll be empty
290
+
if (!Object.keys(body).length) {
291
+
return null
344
292
}
293
+
294
+
const res = await fetch('/-/npm/v1/security/advisories/bulk', {
295
+
...this.options,
296
+
registry: this.options.auditRegistry || this.options.registry,
297
+
method: 'POST',
298
+
gzip: true,
299
+
body,
300
+
})
301
+
302
+
return await res.json()
345
303
} catch (er) {
346
304
log.verbose('audit error', er)
347
305
log.silly('audit error', String(er.body))
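Review bot: With the quick-audit fallback removed, every failure of the bulk advisory request in `[_getReport]` now ends in the `catch (er)` at the bottom of this hunk, where it is logged only at `verbose` and `silly` level. The catch body continues outside the hunk, so it is not visible here whether the error is recorded or rethrown. If it returns `null` like the empty-body path above, a `registry` or `auditRegistry` that does not serve `/-/npm/v1/security/advisories/bulk` would look the same to callers as a tree with nothing to audit. I would make sure callers can tell a failed audit from a clean one, and document that at the catch, e.g. `// bulk is the only audit endpoint now; a failure here means no audit ran, not that the tree is clean`.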
@@ -384,32 +342,4 @@ const prepareBulkData = (tree, omit, filterSet) => {
384
342
return payload
385
343
}
386
344
387
-
const prepareData = (tree, opts) => {
388
-
const { npmVersion: npm_version } = opts
389
-
const node_version = process.version
390
-
const { platform, arch } = process
391
-
const { NODE_ENV: node_env } = process.env
392
-
const data = tree.meta.commit()
393
-
// the legacy audit endpoint doesn't support any kind of pre-filtering
394
-
// we just have to get the advisories and skip over them in the report
395
-
return {
396
-
name: data.name,
397
-
version: data.version,
398
-
requires: {
399
-
...(tree.package.devDependencies || {}),
400
-
...(tree.package.peerDependencies || {}),
401
-
...(tree.package.optionalDependencies || {}),
402
-
...(tree.package.dependencies || {}),
403
-
},
404
-
dependencies: data.dependencies,
405
-
metadata: {
406
-
node_version,
407
-
npm_version,
408
-
platform,
409
-
arch,
410
-
node_env,
411
-
},
412
-
}
413
-
}
414
-
415
345
module.exports = AuditReport